Lucene search
K

263 matches found

CNNVD
CNNVD
added 2024/09/25 12:0 a.m.6 views

CS-Cart 安全漏洞

CS-Cart is an e-commerce platform from CS-Cart Inc. A security vulnerability exists in CS-Cart version 4.16.1. A remote attacker can exploit the vulnerability to obtain sensitive information via the productdata parameter in the PDF add-on...

8.8CVSS6.5AI score0.0128EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.28 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

0.00684EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.16 views

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...

7AI score0.0062EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.20 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

7.5AI score0.00684EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.13 views

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...

0.01245EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.5 views

PT-2024-12108 · Cs Cart Multivendor +1 · Pdf Add-On +1

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to obtain sensitive information via the product data parameter in the PDF Add-on. This is a Directory Traversal vulnerability, which can be exploited to access...

8.8CVSS6.8AI score0.0128EPSS
Exploits1References6
CVE
CVE
added 2024/09/24 12:0 a.m.64 views

CVE-2023-26691

CVE-2023-26691 affects CS-Cart MultiVendor 4.16.1. A Directory Traversal vulnerability in the add-on installation ZIP processing may allow remote code execution when installing a new add-on. Affected software: CS-Cart MultiVendor 4.16.1. Impact stated: remote arbitrary code execution via crafted ...

7.2CVSS7.5AI score0.01245EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.18 views

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...

0.0062EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.5 views

PT-2024-12111 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...

8.8CVSS7.3AI score0.00684EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.5 views

PT-2024-12109 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the product data parameter of add/edit product in the administration interface. This enables attackers to execu...

5.4CVSS6.7AI score0.00423EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.21 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

0.00423EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.53 views

CVE-2023-26689

Summary: CVE-2023-26689 affects CS-Cart MultiVendor 4.16.1, where an attacker can alter arbitrary user account profiles via crafted POST requests. Root cause: insufficient authorization for profile editing. Impact is high (CVE score 9.8). Remediation guidance from related sources suggests disabli...

9.8CVSS7.2AI score0.0062EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.11 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

6.3AI score0.00423EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.45 views

CVE-2023-26687

CVE-2023-26687 concerns CS-Cart MultiVendor 4.16.1, where a Directory Traversal flaw in the PDF Add-on allows remote attackers to obtain sensitive information via the product_data parameter. The vulnerability affects the PDF Add-on handling of that parameter, enabling access to files/directories ...

8.8CVSS6.7AI score0.0128EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.33 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

0.0128EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.13 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

6.5AI score0.0128EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.14 views

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...

7.5AI score0.01245EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.57 views

CVE-2023-26686

CVE-2023-26686 : CS-Cart MultiVendor 4.16.1 has a file-upload vulnerability in the image upload feature used during shop customization, enabling remote attackers to execute arbitrary code. The root cause is not explicitly detailed beyond noting a file upload flaw; no exploitation specifics or mit...

9.8CVSS7.6AI score0.00711EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.19 views

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...

0.00711EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.14 views

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...

7.5AI score0.00711EPSS
Exploits1References2
Rows per page
Query Builder